Rule documentation
Learn everything about our rules, and how to leverage them drive absolute quality in your development team.
47 articles in this collection
Written by Lorenzo Frattini and Gabriele Gallo Stampino
Written by Lorenzo Frattini and Gabriele Gallo Stampino
Security best practices
Content Security Policy (CSP)
Make sure that resources used by Visualforce or Lightning components are retrieved securely in accordance to your Content Security Policy.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Insecure endpoints
Ensure HTTP callouts use secured endpoints (HTTPS) to protect your application and users from attack.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Named credentials
Enforce using named credentials instead of manually hard-wiring credentials when performing HTTP requests.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Randomization of cryptographic keys
Detect uses of cryptography with hard-wired keys, so that the security of encrypted data is not compromised.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Coding best practices
Asynchronous methods in loops
Prevent the use of asynchronous Apex methods (@future) inside loops, to help your application cope with larger volumes of data properly.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Boundaries on SOQL statements
Ensure all SOQL statements are either bound by either a LIMIT or by a WHERE clause.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Bulkification of triggers
Ensure your Apex triggers can process data in bulks and properly deal with larger volumes.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Business logic in triggers
Detect the presence of non-trivial business logic inside Apex triggers.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Metadata API recency
Ensure your components are up to date with a recent enough version of the Salesforce API.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Multiple triggers per object
Detect multiple triggers on the same object, and prevent non-deterministic behaviours.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Nested IFs
Keep your code easy to read and test by containing the use of nested conditional structures.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Number of arguments per method
Limit the number of arguments allowed for each method to keep your code easy to read and maintain.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Number of methods per class
Limit the number of methods allow per each Apex class, to encourage good design.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Send email in loops
Prevent uses of Messaging.sendEmail inside loops, to reduce the risk of running into governor limits.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Database operations
CRUD and Field-Level Security
Ensure that CRUD permissions and Field-Level Security are enforced in Visualforce and Lightning, to avoid exposing sensitive data.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Data access in loops
Prevent the use of any SOQL or DML inside loops to help your application cope with larger volumes of data properly.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Data manipulation in constructors
Prevent all constructors from writing in to the database, so that creation of objects does not have any data-altering side-effects.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Exception handling
Enforce the presence of a try/catch block to handle possible exceptions around DML statements.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Sharing
Ensure proper sharing behaviour on classes that access data or expose it data in views or APIs.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Transaction control
Enforce the use of transaction control (savepoints and rollbacks) when multiple database operations are performed within the same block.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Hardcoded IDs
Hardcoded IDs in code
Detect any hardcoded record IDs in your Lightning controllers and Apex classes and triggers.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Hardcoded IDs in configuration
Detect any hardcoded record IDs inside configuration fields such as formulas.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Lightning best practices
Inline JavaScript
Prevent the use of inline JavaScript to ensure proper separation of concern between model and view in your Lightning components.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Unsafe JavaScript
Prevent any use of the unsafe eval method in your Lightning controllers to reduce security risk
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Naming conventions
Naming conventions on Apex classes
Keep your class names consistent, easier to read and maintain.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Naming conventions on Apex triggers
Keep your trigger names consistent, easier to read and maintain.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Naming conventions on Apex methods
Keep your method names consistent, easier to read and maintain.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Naming conventions for Apex variables
Keep your variable names consistent, easier to read and maintain.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Optimizations
Optimized loading of resources
Make sure any inclusion of static resources such as scripts or stylesheets leverage the appropriate built-in optimizations.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Unnecessary code detection
Detect unused or empty methods, interfaces that are never implemented, and more unnecessary code.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Testing best practices
Assertions with comments
Use this rule to ensure all assertions include explanatory comments.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Minimum number of assertions
Enforce a requirement on the minimum number of assertions for any test methods.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Test data isolation
Ensure that test methods create their own data and don't access actual data in your org.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Untested methods
Identify Apex methods that aren't covered by any unit tests.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Use of @IsTest annotation
Keep your test cleaner using the @IsTest annotation, instead of using the deprecated testMethod keyword.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Use of test data factories
Ensure test data are created using factory methods, to limit the code maintenance needed when changing validation rules.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Visualforce best practices
Salesforce1 compatibility in Visualforce
Ensure your Visualforce customizations work on the Salesforce1 mobile app.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
User-friendly messages in Visualforce
Ensure that Visualforce pages and components display errors in a user-friendly manner.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Visualforce view state optimization
Keep the size of the Visualforce view state lean, in order to minimize loading times and avoid hitting governor limits.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Vulnerability protection
Protection against known JavaScript vulnerabilities
Detect Javascript libraries that might expose your application to known vulnerabilities.
Written by Gabriele Gallo Stampino
Updated over a week ago
Updated over a week ago
Arbitrary Page Redirect
Detect statements that might expose your app to Arbitrary Page Redirect vulnerability.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Cross-Site Scripting (XSS)
Detect expressions that might be vulnerable to Cross-Site Scripting (XSS) in Apex, Visualforce and Lightning components.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Cross-Site Request Forgery (CSRF)
Detect Cross-Site Request Forgery vulnerabilities in your Salesforce app.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
Insecure Direct Object References
Detect insecure direct object references (DOR) and avoid accidentally exposing sensitive data in your app.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago
SOQL/SOSL Injection
Ensure user-supplied input is sanitized before using it in dynamic SOQL or SOSL queries.
Written by Lorenzo Frattini
Updated over a week ago
Updated over a week ago